You are viewing a plain text version of this content. The canonical link for it is here.

Posted to general@hadoop.apache.org by Masatake Iwasaki <iw...@apache.org> on 2022/06/10 16:03:08 UTC

CVE-2021-37404: Apache Hadoop: Heap buffer overflow in libhdfs native library

Severity: important

Versions affected:

2.9.0 to 2.10.1, 3.0.0 to 3.1.4, 3.2.0 to 3.2.2, 3.3.0 to 3.3.1

Description:

There is a potential heap buffer overflow in libhdfs native code.
Opening a file path provided by user without validation may result in
a denial of service or arbitrary code execution.

Mitigation:

Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or upper.

Credit:

This issue was discovered by Igor Chervatyuk.

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@hadoop.apache.org
For additional commands, e-mail: general-help@hadoop.apache.org